A committee on "Data Protection", headed by "B.N. Srikrishna" has submitted it's report recently, the committee
was tasked with providing recommendations on what personal data is, the consent requirements for accessing personal data,
and the penalties for misusing such data.
Recommendations of B.N. Srikrishna committee
According to report, "Sensitive personal data will include passwords, financial data, health data, official identifier,
sex life, sexual orientation, bio-metric and genetic data, and data that reveals transgender status, intersex status, caste,
tribe, religious or political beliefs or affiliations of an individual".
The report also suggest that the consent of user to access personal data should be lawful, free, informed, specific, clear and
capable of being withdrawn while explicit consent should be adopted for sensitive personal data.
"The right to be forgotten" is also supported by the committee, to be adopted by the proposed data protection authority.
The data protection authority should be determining eligibility of the application on the basis of five points:
1) The sensitivity of the personal data sought to be restricted.
2) The scale of disclosure sought to be restricted.
3) The role of the data principal (whose data it is) in public life.
4) The relevance of the personal data to the public.
5) The nature of the disclosure.
A penalty for data misuse is also recommended by the committee, in the form of either a percentage of total turnover
of the misuser(2 per cent) or a fixed amount(5 Crore rupees) whichever is higher set by the law.
If the company fails to take "prompt and appropriate action" in case of data such as personal data, sensitive personal data,
and the personal data on children, the committee recommends 15 crore rupees or 4 per cent of the total worldwide turnover.